Knowing where your company keeps sensitive customer data is a key element in the battle to keep that data private.

Although most organizations think they have effective privacy policies, 60% say that data loss is a recurring problem, according to a new Accenture study. Almost two-thirds (58%) of those surveyed have had at least one security breach in the past two years, even though 73% felt their privacy policies were adequate, the study, How Global Organizations Approach the Challenge of Protecting Personal Data, found.

Knowing more, protecting more

However, respondents that didn’t suffer breaches have important practices to share: more organizations (75%) that succeeded in keeping customer’s personal data–including their names, Social Security numbers, addresses, birthdays and even medical histories–safe know exactly where the company kept that data in its IT structure than those that had breaches (66%).

The successful respondents also acknowledged more of an obligation (72%) to keep the information safe, than those hit with breaches (60%).

“Our study underscores the importance of taking a comprehensive approach to data privacy and protection, one that closes the gaps between business strategy, risk management, compliance reporting and IT security,” Alastair MacWillon, managing director of Accenture’s Security practice, said in a statement outlining the findings.

The bulk of any organization’s privacy struggle is internal, the study reveals: cyber crime only accounts for 18% of privacy breaches, while 57% stems from business or system failure, and employee negligence or errors accounts for 48% of breaches.

That may not be news to consumers, who don’t have a lot of faith that organizations will keep their personal information safe. Almost half are “skeptical” that their information is well protected, the survey found.